Data stored on computers may have high value in monetary terms and/or in relation to an ability to compete or do business. The data may include trade secrets such as decryption keys and secret processes, as well as other confidential business data or personal information such as social security numbers and credit card numbers. With the aim of enhancing the security of such data in disparate processing systems, the Trusted Computing Group (TCG), a not-for-profit industry-standards organization, has formed and adopted specifications for more secure computing environments. TCG specifications include, for instance, TCG Trusted Platform Module (TPM) Specification Version 1.2 Revision 94, Part I Design Principles, dated Mar. 29, 2006, and TCG Main Specification Version 1.1b.
TCG specifications define trusted processing systems, or platforms, generally as processing systems that will behave in a particular manner for a specific purpose. A trusted processing system may provide data security functions such as data encryption, decryption and storage. A key component of a trusted processing system is the TPM, a module which may perform cryptographic hashing to detect loss of integrity, public-key and secret-key encryption to prevent unauthorized disclosure of data, and digital signing to authenticate transmitted information. The TCG Protected Storage mechanisms, which may be rooted in hardware, may protect keys, secrets and hash values.
Integrity metrics for a trusted processing system facilitate a determination regarding whether a processing system operates in a safe, or “trusted”, configuration of hardware and software when it has access to sensitive data. Integrity metrics may be established by measuring the runtime configuration of the processing system at a point at which the configuration can be trusted, such as at the time of manufacture, and sealing the sensitive data to that configuration. Furthermore, measurements and demonstrations of trustworthiness are implemented in hardware with authenticated or trusted code. The hardware, such as processor(s), chipsets, and TPMs, may include functionality to assure that certain transactions may only be initiated by the authenticated code, and may verify that the code has not been tampered with or compromised by measuring its integrity metrics. Trustworthiness is typically established upon boot or reset of the processing system by establishing a protected core of data and code prior to booting the OS. Each time the processing system is powered down or reset, the protected core is reinitialized and authenticated, to minimize an attacker's ability to compromise protected data by changing the code while the processing system is powered down or reset. Establishing the protected core prior to booting the OS is also a security measure to minimize an attacker's ability to tamper with the security protocols.
In a typical processing system, firmware provides the machine instructions that control the pre-OS, or pre-boot, operations of the system between powering-up/resetting the processing system and booting of an operating system (OS) on the processing system. The OS then takes over primary functionality of the processing system. For instance, in some systems a virtual machine monitor (VMM) or hypervisor code may assume control over the system's resources such as central processing units (CPUs), memory, hard drives, and other components. The VMM can launch and manage virtual environments and launch a higher-level OS, such as Microsoft™ Windows, Linux™, Unix™, etc., in each of the virtual environments.
Firmware may also control certain operations after the OS has been loaded, referred to as post-boot operations, such as operations for handling certain hardware events and/or system interrupts. More specifically, firmware may handle pre-boot and post-boot operations through a set of routines referred to collectively as a basic input/output system (BIOS). The BIOS thus provides the interface between the hardware components of the system and software components such as the OS. Two newer alternatives to BIOS are version 1.10 of the Extensible Firmware Interface (EFI) Specification, dated Dec. 1, 2002, and version 2.0 of the Unified EFI (UEFI) Specification, dated Jan. 31, 2006.
After establishing a protected core, firmware such as BIOS, EFI, or UEFI can measure the current runtime configuration of the processing system and compare the current measurements against the measurements of the trusted configuration recorded in the TPM. If the integrity of the current runtime configuration is compromised or otherwise changed, access to the sensitive data can be denied or the request ignored. Conversely, a trusted processing system may allow access to the sensitive data if the runtime configuration at the time of the access matches the trusted configuration closely enough, over the set of measurements selected when the data was sealed, to be considered trustworthy.
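The measure-and-seal flow described in the preceding paragraphs, as an added example that is not part of the patent text or of any TCG specification. It models a TPM 1.2-style PCR extend (PCR_new = SHA-1(PCR_old || SHA-1(component))), seals a secret to a selection of PCRs, and shows that replaying a boot with one changed component produces a different PCR and the unseal is refused, while a seal that selects only unchanged PCRs still releases the secret. The storage root key, the boot log entries and the PCR index assignment are constructed for the example; a real TPM keeps the root key inside the chip and performs the PCR comparison itself.

```python
"""Simulated measured boot and sealing (added example, not TCG code)."""
import hashlib
import hmac
import os

PCR_LEN = 20                   # TPM 1.2 PCRs are 160-bit SHA-1 registers
ZERO_PCR = b"\x00" * PCR_LEN   # PCRs reset to zero on power-up/reset


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA-1(PCR_old || SHA-1(component)).
    Order matters: the same components extended in a different order give a
    different PCR, so the log cannot be reordered to forge a value."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot(events):
    """Replay a boot log. events: list of (pcr_index, component_bytes) in boot
    order. Returns the resulting PCR bank as {index: value}."""
    pcrs = {}
    for idx, blob in events:
        pcrs[idx] = extend(pcrs.get(idx, ZERO_PCR), blob)
    return pcrs


def pcr_composite(pcrs, selection):
    """Single digest over the selected PCRs (modelled on TPM_PCR_COMPOSITE)."""
    h = hashlib.sha1()
    for idx in sorted(selection):
        h.update(bytes([idx]) + pcrs.get(idx, ZERO_PCR))
    return h.digest()


class UnsealError(Exception):
    """Raised when the current PCR state does not match the sealed state."""


def _keystream(key, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(root_key, pcrs, selection, secret):
    """Bind secret to the current values of the selected PCRs. The wrapping
    key is derived from the root key and the PCR composite, so a different
    configuration yields a different key and the MAC check fails."""
    k = hmac.new(root_key, b"seal" + pcr_composite(pcrs, selection),
                 hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(k + nonce, len(secret))))
    tag = hmac.new(k, nonce + ct, hashlib.sha256).digest()
    return {"selection": sorted(selection), "nonce": nonce, "ct": ct, "tag": tag}


def unseal(root_key, pcrs, blob):
    """Release the secret only if the selected PCRs match the sealed state."""
    k = hmac.new(root_key, b"seal" + pcr_composite(pcrs, blob["selection"]),
                 hashlib.sha256).digest()
    expect = hmac.new(k, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, blob["tag"]):
        raise UnsealError("PCR state does not match sealed configuration")
    ks = _keystream(k + blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], ks))


# Constructed boot logs: PCR 0 holds firmware code, PCR 4 the OS loader
# (index assignment is illustrative; the component bytes are made up).
TRUSTED_BOOT = [(0, b"BIOS core v1.0"), (0, b"option ROM"), (4, b"bootloader v2")]
TAMPERED_BOOT = [(0, b"BIOS core v1.0"), (0, b"option ROM"),
                 (4, b"bootloader v2 + rootkit")]
ROOT_KEY = b"\x11" * 32   # constructed stand-in for the TPM's storage root key


def demo():
    """Seal to PCRs 0 and 4 at a trusted point; unseal under a clean replay
    and under a tampered one. Returns (secret_or_None, tampered_outcome)."""
    blob = seal(ROOT_KEY, measure_boot(TRUSTED_BOOT), [0, 4], b"disk-encryption-key")
    released = unseal(ROOT_KEY, measure_boot(TRUSTED_BOOT), blob)
    try:
        unseal(ROOT_KEY, measure_boot(TAMPERED_BOOT), blob)
        outcome = "released"
    except UnsealError:
        outcome = "denied"
    return released, outcome


if __name__ == "__main__":
    print(demo())
```

The selection passed to `seal` is the policy knob: sealing to PCRs 0 and 4 refuses the tampered boot loader, whereas a seal that selects only PCR 0 still releases the secret under the same tampered log, because nothing in PCR 0 changed. Choosing too narrow a selection is the usual way a sealing policy silently stops protecting anything.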
While the protected core offers hardware-based security for data and code, more is needed. The proliferation of services offered via networks and the Internet continues to increase the need to protect processes, and their execution, not only from a rogue user or software virus but also from one another. In other words, a single protected core or partition on a processing system is insufficient. Furthermore, while the current trend is toward larger numbers of processor cores in processing systems, current OS software cannot readily scale beyond eight processor cores.
A current solution is to launch a protected core managed by the firmware and then launch and secure additional partitions via the VMM. The VMM is a low-level OS that offers control of platform partitioning at a logical level. The VMM can host many OS runtimes across a number of processor cores, offering several runtime environments in different partitions. However, the VMM can only handle up to eight cores, and the security of the additional partitions depends on the VMM, which is a low-level OS rather than firmware. It is the VMM, rather than the firmware and hardware such as the TPM, that controls which software is loaded into the additional partitions. Thus, sensitive data may be compromised if an attacker takes the hard disk and hacks the VMM.